Commit d07e692f3c5a132c785adde08dd1d58412b3ac97

Authored by Sergio Oliveira
1 parent 0284e8ff

Set _remote_user to HTTP Only

Showing 1 changed file with 1 additions and 1 deletions   Show diff stats
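--- a/lib/omniauth/strategies/remote_user.rb
+++ b/lib/omniauth/strategies/remote_user.rb
@@ -48,7 +48,7 @@ module OmniAuth
 request = Rack::Request.new(env)
 response = redirect_if_not_logging_in(request,_auth_path(request) )
 if response
-response.set_cookie(options.internal_cookie, {value: uid , path: "#{request.script_name}"})
+response.set_cookie(options.internal_cookie, {value: uid, path: "#{request.script_name}", httponly: true})
 response.finish
 end
 end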
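Review bot: The cookie set on new line 51 gains `httponly: true` but still has no `secure` or `same_site` attribute, so a cookie whose value is the user's uid can still travel over plain HTTP and on cross-site requests. Rack's `set_cookie` accepts both, for example `{value: uid, path: "#{request.script_name}", httponly: true, secure: request.ssl?, same_site: :lax}`. The value appears to be the raw uid; if code outside this hunk trusts the cookie to identify the user, confirm that it is re-checked against the upstream remote-user header rather than accepted as sent by the client. The enclosing method begins above the hunk, so how the cookie is read back is not visible here.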